CZ
E-shop
DYNEX
GLOBAL

Protection of personal data

For easy orientation to quickly move to the required part of clicking on the link.

 

Personal data processing policy of DYNEX TECHNOLOGIES, spol. s r.o.

1.1. In accordance with Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and other binding legal regulations, DYNEX TECHNOLOGIES, spol. s r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 481 08 731, reg. by CR file no. C 15914 administrated by the Municipal Court in Prague, as a data controller only in an appropriate extent collects, process and stores personal data which were or will be provided by the subject of personal data on the basis of:

  1. 1.1.a) a data subject has given its consent to process his or her personal data for one or more specific purposes, in particular, to send marketing communications, where the data subject is entitled to withdraw at any time, in accordance with the procedure set forth by par. 1.2, or in any other way specified on the DYNEX website; the withdrawal of consent is without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal;
  2. 1.1.b) processing is necessary to meet DYNEX's contract with the data subject or with the person for whom the data subject is acting or for the implementation of pre-contract measures at the request of the data subject or the person for whom the data subject is acting, particularly while negotiating, concluding or fulfilling the contract;
  3. 1.1.c) processing is necessary to meet the DYNEX’s legal obligation, in particular, to keep to the statutory extent of accounting and to keep tax documents, to report any adverse events or to send informative communications according to the relevant legal regulations;
  4. 1.1.d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. 1.1.e) processing is necessary for the performance of a task carried out in the public interest;
  6. 1.1.f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


    1. 1.2. If the data subject decides to exercise his right granted to him by the GDPR or this section of the Privacy Policy:

      1. 1.2.a) towards DYNEX, can do so free of charge at any time via a message sent to the following email address: gdpr@dynex.cz when DYNEX notifies the data subject about the measures taken, or why no action has been taken or otherwise meets its request without unnecessary delay, within a maximum of 30 days; in complex cases, the time limit may be extended by a further 60 days, but the data subject must be notified during the basic period;
      2. 1.2.b) towards the supervisory authority in the form of a complaint, can do so at any time via a message sent to the e-mail address posta@uoou.cz, by posting via data box to qkbaa2n or by writing to The Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7.


      1.3. The data subject acknowledges that processing applies particularly to the identification and contact details provided by him or her to DYNEX, such as:

      1. 1.3.a) name and surname;
      2. 1.3.b) electronic contact for electronic mailing (e-mail address);
      3. 1.3.c) phone number;
      4. 1.3.d) work position;
      5. 1.3.e) identification no.;
      6. 1.3.f) taxpayer no.;
      7. 1.3.g) registered seat.
      8. Further data might be processed which were not provided directly by the data subject, such as:
      9. 1.3.h) IP of the device used to access the data controller's website;
      10. 1.3.i) interaction with the data controller's website;
      11. 1.3.j) interaction with the active elements embedded into commercial communication sent by data controller;
      12. DYNEX, while processing the personal data of the data subjects, complies with generally binding legislation and takes care to protect the privacy of data subjects.


      1.4. Under the terms of any generally binding legal regulation, the data subject is not obliged to provide DYNEX with the consent to the processing of its personal data or its personal data; the provision of personal data is entirely voluntary.


      1.5. DYNEX will process the personal data of the data subject automatically in the electronic database as well as manually in a paper form.


      1.6. Data subject’s personal data will only be processed by DYNEX for the following purposes:

      1. 1.6.a) provision of negotiated performance and agreed services and services related thereto, including negotiations on the conclusion of a contract or its change and performance of the conclusion of a contract;
      2. 1.6.b) protection of the legitimate interests pursued by the controller, as well as protection of the vital interests of the data subject or of another natural person;
      3. 1.6.c) for compliance with a legal obligation to which the controller is subject (i.e. to archive the tax documents according to the VAT Act);
      4. 1.6.d) performance of a task carried out in the public interest, shall DYNEX be obliged to perform such a task;
      5. 1.6.e) marketing and commercial purposes.


      1.7. For marketing and commercial purposes under Article 1.6 (e), personal data of a data subject Entity may be processed only if the data subject has granted consent pursuant to 1.1 (a, or DYNEX obtains from its customer details of the electronic contact for electronic emailing in relation to the sale of goods or the provision of the service. In such a case, the data subject is always entitled to refuse to consent to such use of its electronic contact even when sending each individual message if it has not initially refused this use by using the appropriate hyperlink in such a message or by sending the refusal to consent to such use of its electronic contact pursuant to 1.2.a).


      1.8. Personal data according to 1.1.a) will only be processed for as long as the consent of the subject of personal data with their processing will hold, when processing personal data according to 1.1.b) - f), only for the period necessary for the purpose of their processing.


      1.9. Within 3 calendar months at the latest after the processing period according to Article 1.8 has expired, in case of withdrawal of the consent of the personal data subject with processing of personal data according to 1.1.a) without undue delay, the relevant personal data, for which the purpose of their processing has ceased, are destroyed or anonymized . Anonymization of a personal data means the deletion of the identifiers (of all or some) of the data subject to such an extent that it is permanently and irreversibly impossible to identify it. The processed information as a result of anonymization will cease to be personal data.


      1.10. For the purposes of Article 1.6.a), DYNEX will, to the extent necessary, transmit the personal data of the data subject to third parties who will participate in the performance of the contractual obligations (e.g. shipping companies) or to members of its business group (companies DYNEX LABORATORIES, s.r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43 , company ID 266 82 443, reg. by CR file no. C 87028, administered by the Municipal Court in Prague and DYNEX LabSolutions, s.r.o., seated at Prague 1, Nové Město, Senovážné náměstí 978/23, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 066 16 631, reg. by CR file no. C 285541 administrated by the Municipal Court in Prague). However, DYNEX does not publish any processed personal data under any circumstances.


      1.11. The personal data of the data subject may then, to the extent necessary, be transferred to the processor with whom DYNEX has entered into a contract for the processing of personal data.


      1.12. The data subject acknowledges that DYNEX may provide its personal data to a requesting public authority (such as a court or the police of the Czech Republic) to the extent and under the conditions laid down by generally binding legal regulations.


      1.13. DYNEX will always ensure the safe transmission of personal data and its confidentiality when passing on to a third party as well as on its own processing.


      1.14. DYNEX, at the request of a data subject filed in accordance with 1.2 (a), will confirm that it processes personal data concerning it. In such a case, the data subject is entitled to obtain access to such personal data, request DYNEX to rectify it in accordance with 1.17. or erase it according to 1.18, limit their processing according to 1.19. or object to such processing in accordance with 1.15. Further, the data subject has the right to obtain access to information about:


      1. 1.14.a) the purpose of the processing of personal data;
      2. 1.14.b) the categories of personal data concerned;
      3. 1.14.c) the recipients or categories of recipients to whom personal data has been or will be made accessible, in particular of recipients in third countries or within international organizations;
      4. 1.14.d) the period for which the personal data will be stored or if it is not possible to determine the criteria used to determine such a period;
      5. 1.14.e) any available information on the source of personal data, unless it has been obtained from the data subject;
      6. 1.14.f) profiling, which means any form of automated processing of personal data consisting of their use for the assessment of certain personal aspects relating to a data subject;
      7. 1.14.g) transfer of personal data to a third country or international organization.


      1.15. The data subject has the right, in accordance with the procedure in 1.2a), at any time to object:


      1. 1.15.a) against the processing of personal data concerning him or her under 1.1 e) or f), including profiling based on data processed in accordance with these provisions; In such case, DYNEX shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
      2. 1.15.b) against the processing of personal data concerning him or her for marketing purposes, as well as against profiling where this is the case; DYNEX shall no longer process personal data in this case.


      1.16. Where not adversely affecting the rights and freedoms of others, DYNEX will provide a data subject with a copy of the personal data undergoing processing, usually in electronic form, unless the data subject requests a different form of provision. For additional copies provided at the request of a data subject, DYNEX may charge a reasonable fee based on administrative costs.


      1.17. The data subject shall have the right to obtain from DYNEX without undue delay the rectification of inaccurate personal data concerning him or her, or where applicable to have incomplete personal data completed, including by means of providing a supplementary statement.


      1.18. Where it is not the case when processing of personal data is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which DYNEX is subject or for the performance of a task carried out in the public interest or for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices or for the establishment, exercise or defence of legal claims, the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:


      1. 1.18.a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      2. 1.18.b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing according to 1.1;
      3. 1.18.c) the data subject objects to the processing pursuant to 1.15 and there are no DYNEX’s legitimate grounds for the processing overriding the rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
      4. 1.18.d) the personal data have been unlawfully processed;
      5. 1.18.e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law;
      6. 1.18.f) the personal data has been collected in relation to the offer directly to a child under the age of 16, based on his / her consent under 1.1 a).


      1.19. The data subject shall have the right to obtain from DYNEX restriction of processing where one of the following applies:

      1. 1.19.a) the accuracy of the personal data is contested by the data subject, for a period enabling DYNEX to verify the accuracy of the personal data;
      2. 1.19.b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
      3. 1.19.c) DYNEX no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
      4. 1.19.d) the data subject has objected to processing pursuant 1.15 pending the verification whether the legitimate grounds of DYNEX override those of the data subject.


      1.20. DYNEX shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with 1.17 – 1.19 to each recipient to whom the personal data have been disclosed unless this proves impossible or involves a disproportionate effort. DYNEX shall inform the data subject about those recipients if the data subject requests it.


      1.21. Where the personal data processing is based on a consent of a data subject according to 1.1.c) or on a contract according to 1.1.b) and is carried out by automated means, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to DYNEX, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from DYNEX. That right shall not apply to processing necessary for the performance of a task carried out in the public interest and shall not adversely affect the rights and freedoms of others. In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from DYNEX to another controller, where technically feasible.


      1.22. DYNEX does not make decisions based solely on automated decision making or profiling that would have a legal effect on the data subject or had a significant impact on him. Profiling is carried out by DYNEX solely for the purpose of improving the quality of service provided and marketing.


      1.23. Given that DYNEX has put in place appropriate technical and organizational safeguards for all personal data of data subjects to prevent high risks for their rights and freedoms as a result of a breach of personal data protection, it is very unlikely that the personal data breach shall occur. However, if this highly unlikely situation (i.e. a breach of security of personal data) occurs, DYNEX will report such violation to the data subject without undue delay, including a contact point that can provide more detailed information, a description of the likely consequences of a personal data breach and a description of measures taken or proposed by DYNEX for adoption in order to resolve the personal data breach, including any measures to mitigate possible adverse impacts.

       

       

      This version of Personal data processing policy has been in force since May 25th, 2018

                                                                                                                                                    Ing. Zora Hanzlíková, v. r.

                                                                                                                                                    DYNEX TECHNOLOGIES, spol. s r.o.




      Personal data processing policy of DYNEX LABORATORIES, s.r.o.

      1.1. In accordance with Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and other binding legal regulations, DYNEX LABORATORIES, s.r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43 , company ID 266 82 443, reg. by CR file no. C 87028, administered by the Municipal Court in Prague, as a data controller only in an appropriate extent collects, process and stores personal data which were or will be provided by the subject of personal data on the basis of:

      1. 1.1.a) a data subject has given its consent to process his or her personal data for one or more specific purposes, in particular, to send marketing communications, where the data subject is entitled to withdraw at any time, in accordance with the procedure set forth by par. 1.2, or in any other way specified on the DYNEX website; the withdrawal of consent is without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal;
      2. 1.1.b) processing is necessary to meet DYNEX's contract with the data subject or with the person for whom the data subject is acting or for the implementation of pre-contract measures at the request of the data subject or the person for whom the data subject is acting, particularly while negotiating, concluding or fulfilling the contract;
      3. 1.1.c) processing is necessary to meet the DYNEX’s legal obligation, in particular, to keep to the statutory extent of accounting and to keep tax documents, to report any adverse events or to send informative communications according to the relevant legal regulations;
      4. 1.1.d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
      5. 1.1.e) processing is necessary for the performance of a task carried out in the public interest;
      6. 1.1.f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


      1.2. If the data subject decides to exercise his right granted to him by the GDPR or this section of the Privacy Policy:

      1. 1.2.a) towards DYNEX, can do so free of charge at any time via a message sent to the following email address: gdpr@dynex.cz when DYNEX notifies the data subject about the measures taken, or why no action has been taken or otherwise meets its request without unnecessary delay, within a maximum of 30 days; in complex cases, the time limit may be extended by a further 60 days, but the data subject must be notified during the basic period;
      2. 1.2.b) towards the supervisory authority in the form of a complaint, can do so at any time via a message sent to the e-mail address posta@uoou.cz, by posting via data box to qkbaa2n or by writing to The Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7.


      1.3. The data subject acknowledges that processing applies particularly to the identification and contact details provided by him or her to DYNEX, such as:

      1. 1.3.a) name and surname;
      2. 1.3.b) electronic contact for electronic mailing (e-mail address);
      3. 1.3.c) phone number;
      4. 1.3.d) work position;
      5. 1.3.e) identification no.;
      6. 1.3.f) taxpayer no.;
      7. 1.3.g) registered seat.
      8. Further data might be processed which were not provided directly by the data subject, such as:
      9. 1.3.h) IP of the device used to access the data controller's website;
      10. 1.3.i) interaction with the data controller's website;
      11. 1.3.j) interaction with the active elements embedded into commercial communication sent by data controller;
      12. DYNEX, while processing the personal data of the data subjects, complies with generally binding legislation and takes care to protect the privacy of data subjects.


      1.4. Under the terms of any generally binding legal regulation, the data subject is not obliged to provide DYNEX with the consent to the processing of its personal data or its personal data; the provision of personal data is entirely voluntary.


      1.5. DYNEX will process the personal data of the data subject automatically in the electronic database as well as manually in a paper form.


      1.6. Data subject’s personal data will only be processed by DYNEX for the following purposes:

      1. 1.6.a) provision of negotiated performance and agreed services and services related thereto, including negotiations on the conclusion of a contract or its change and performance of the conclusion of a contract;
      2. 1.6.b) protection of the legitimate interests pursued by the controller, as well as protection of the vital interests of the data subject or of another natural person;
      3. 1.6.c) for compliance with a legal obligation to which the controller is subject (i.e. to archive the tax documents according to the VAT Act);
      4. 1.6.d) performance of a task carried out in the public interest, shall DYNEX be obliged to perform such a task;
      5. 1.6.e) marketing and commercial purposes.


      1.7. For marketing and commercial purposes under Article 1.6 (e), personal data of a data subject Entity may be processed only if the data subject has granted consent pursuant to 1.1 (a, or DYNEX obtains from its customer details of the electronic contact for electronic emailing in relation to the sale of goods or the provision of the service. In such a case, the data subject is always entitled to refuse to consent to such use of its electronic contact even when sending each individual message if it has not initially refused this use by using the appropriate hyperlink in such a message or by sending the refusal to consent to such use of its electronic contact pursuant to 1.2.a).


      1.8. Personal data according to 1.1.a) will only be processed for as long as the consent of the subject of personal data with their processing will hold, when processing personal data according to 1.1.b) - f), only for the period necessary for the purpose of their processing.


      1.9. Within 3 calendar months at the latest after the processing period according to Article 1.8 has expired, in case of withdrawal of the consent of the personal data subject with processing of personal data according to 1.1.a) without undue delay, the relevant personal data, for which the purpose of their processing has ceased, are destroyed or anonymized . Anonymization of a personal data means the deletion of the identifiers (of all or some) of the data subject to such an extent that it is permanently and irreversibly impossible to identify it. The processed information as a result of anonymization will cease to be personal data.


      1.10. For the purposes of Article 1.6.a), DYNEX will, to the extent necessary, transmit the personal data of the data subject to third parties who will participate in the performance of the contractual obligations (e.g. shipping companies) or to members of its business group (companies DYNEX TECHNOLOGIES, spol. s r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 481 08 731, reg. by CR file no. C 15914 administrated by the Municipal Court in Prague and DYNEX LabSolutions, s.r.o., seated at Prague 1, Nové Město, Senovážné náměstí 978/23, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 066 16 631, reg. by CR file no. C 285541 administrated by the Municipal Court in Prague). However, DYNEX does not publish any processed personal data under any circumstances.


      1.11. The personal data of the data subject may then, to the extent necessary, be transferred to the processor with whom DYNEX has entered into a contract for the processing of personal data.


      1.12. The data subject acknowledges that DYNEX may provide its personal data to a requesting public authority (such as a court or the police of the Czech Republic) to the extent and under the conditions laid down by generally binding legal regulations.


      1.13. DYNEX will always ensure the safe transmission of personal data and its confidentiality when passing on to a third party as well as on its own processing.


      1.14. DYNEX, at the request of a data subject filed in accordance with 1.2 (a), will confirm that it processes personal data concerning it. In such a case, the data subject is entitled to obtain access to such personal data, request DYNEX to rectify it in accordance with 1.17. or erase it according to 1.18, limit their processing according to 1.19. or object to such processing in accordance with 1.15. Further, the data subject has the right to obtain access to information about:

      1. 1.14.a) the purpose of the processing of personal data;
      2. 1.14.b) the categories of personal data concerned;
      3. 1.14.c) the recipients or categories of recipients to whom personal data has been or will be made accessible, in particular of recipients in third countries or within international organizations;
      4. 1.14.d) the period for which the personal data will be stored or if it is not possible to determine the criteria used to determine such a period;
      5. 1.14.e) any available information on the source of personal data, unless it has been obtained from the data subject;
      6. 1.14.f) profiling, which means any form of automated processing of personal data consisting of their use for the assessment of certain personal aspects relating to a data subject;
      7. 1.14.g) transfer of personal data to a third country or international organization.


      1.15. The data subject has the right, in accordance with the procedure in 1.2a), at any time to object:

      1. 1.15.a) against the processing of personal data concerning him or her under 1.1 e) or f), including profiling based on data processed in accordance with these provisions; In such case, DYNEX shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
      2. 1.15.b) against the processing of personal data concerning him or her for marketing purposes, as well as against profiling where this is the case; DYNEX shall no longer process personal data in this case.


      1.16. Where not adversely affecting the rights and freedoms of others, DYNEX will provide a data subject with a copy of the personal data undergoing processing, usually in electronic form, unless the data subject requests a different form of provision. For additional copies provided at the request of a data subject, DYNEX may charge a reasonable fee based on administrative costs.


      1.17. The data subject shall have the right to obtain from DYNEX without undue delay the rectification of inaccurate personal data concerning him or her, or where applicable to have incomplete personal data completed, including by means of providing a supplementary statement.


      1.18. Where it is not the case when processing of personal data is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which DYNEX is subject or for the performance of a task carried out in the public interest or for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices or for the establishment, exercise or defence of legal claims, the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

      1. 1.18.a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      2. 1.18.b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing according to 1.1;
      3. 1.18.c) the data subject objects to the processing pursuant to 1.15 and there are no DYNEX’s legitimate grounds for the processing overriding the rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
      4. 1.18.d) the personal data have been unlawfully processed;
      5. 1.18.e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law;
      6. 1.18.f) the personal data has been collected in relation to the offer directly to a child under the age of 16, based on his / her consent under 1.1 a).


      1.19. The data subject shall have the right to obtain from DYNEX restriction of processing where one of the following applies:

      1. 1.19.a) the accuracy of the personal data is contested by the data subject, for a period enabling DYNEX to verify the accuracy of the personal data;
      2. 1.19.b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
      3. 1.19.c) DYNEX no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
      4. 1.19.d) the data subject has objected to processing pursuant 1.15 pending the verification whether the legitimate grounds of DYNEX override those of the data subject.
      5. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State; a data subject who has obtained restriction of processing shall be informed by DYNEX before the restriction of processing is lifted.


      1.20. DYNEX shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with 1.17 – 1.19 to each recipient to whom the personal data have been disclosed unless this proves impossible or involves a disproportionate effort. DYNEX shall inform the data subject about those recipients if the data subject requests it.


      1.21. Where the personal data processing is based on a consent of a data subject according to 1.1.c) or on a contract according to 1.1.b) and is carried out by automated means, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to DYNEX, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from DYNEX. That right shall not apply to processing necessary for the performance of a task carried out in the public interest and shall not adversely affect the rights and freedoms of others. In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from DYNEX to another controller, where technically feasible.


      1.22. DYNEX does not make decisions based solely on automated decision making or profiling that would have a legal effect on the data subject or had a significant impact on him. Profiling is carried out by DYNEX solely for the purpose of improving the quality of service provided and marketing.


      1.23. Given that DYNEX has put in place appropriate technical and organizational safeguards for all personal data of data subjects to prevent high risks for their rights and freedoms as a result of a breach of personal data protection, it is very unlikely that the personal data breach shall occur. However, if this highly unlikely situation (i.e. a breach of security of personal data) occurs, DYNEX will report such violation to the data subject without undue delay, including a contact point that can provide more detailed information, a description of the likely consequences of a personal data breach and a description of measures taken or proposed by DYNEX for adoption in order to resolve the personal data breach, including any measures to mitigate possible adverse impacts.


       

       

      This version of Personal data processing policy has been in force since May 25th, 2018

                                                                                                                                                    Ing. Zora Hanzlíková, v. r.

                                                                                                                                                    DYNEX LABORATORIES, s.r.o.




      Personal data processing policy of DYNEX LabSolutions, s.r.o.

      1.1. In accordance with Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and other binding legal regulations, DYNEX LabSolutions, s.r.o., seated at Prague 1, Nové Město, Senovážné náměstí 978/23, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 066 16 631, reg. by CR file no. C 285541 administrated by the Municipal Court in Prague, as a data controller only in an appropriate extent collects, process and stores personal data which were or will be provided by the subject of personal data on the basis of:

      1. 1.1.a) a data subject has given its consent to process his or her personal data for one or more specific purposes, in particular, to send marketing communications, where the data subject is entitled to withdraw at any time, in accordance with the procedure set forth by par. 1.2, or in any other way specified on the DYNEX website; the withdrawal of consent is without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal;
      2. 1.1.b) processing is necessary to meet DYNEX's contract with the data subject or with the person for whom the data subject is acting or for the implementation of pre-contract measures at the request of the data subject or the person for whom the data subject is acting, particularly while negotiating, concluding or fulfilling the contract;
      3. 1.1.c) processing is necessary to meet the DYNEX’s legal obligation, in particular, to keep to the statutory extent of accounting and to keep tax documents, to report any adverse events or to send informative communications according to the relevant legal regulations;
      4. 1.1.d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
      5. 1.1.e) processing is necessary for the performance of a task carried out in the public interest;
      6. 1.1.f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


      1.2. If the data subject decides to exercise his right granted to him by the GDPR or this section of the Privacy Policy:

      1. 1.2.a) towards DYNEX, can do so free of charge at any time via a message sent to the following email address: gdpr@dynex.cz when DYNEX notifies the data subject about the measures taken, or why no action has been taken or otherwise meets its request without unnecessary delay, within a maximum of 30 days; in complex cases, the time limit may be extended by a further 60 days, but the data subject must be notified during the basic period;
      2. 1.2.b) towards the supervisory authority in the form of a complaint, can do so at any time via a message sent to the e-mail address posta@uoou.cz, by posting via data box to qkbaa2n or by writing to The Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7.


      1.3. The data subject acknowledges that processing applies particularly to the identification and contact details provided by him or her to DYNEX, such as:

      1. 1.3.a) name and surname;
      2. 1.3.b) electronic contact for electronic mailing (e-mail address);
      3. 1.3.c) phone number;
      4. 1.3.d) work position;
      5. 1.3.e) identification no.;
      6. 1.3.f) taxpayer no.;
      7. 1.3.g) registered seat.
      8. Further data might be processed which were not provided directly by the data subject, such as:
      9. 1.3.h) IP of the device used to access the data controller's website;
      10. 1.3.i) interaction with the data controller's website;
      11. 1.3.j) interaction with the active elements embedded into commercial communication sent by data controller;
      12. DYNEX, while processing the personal data of the data subjects, complies with generally binding legislation and takes care to protect the privacy of data subjects.


      1.4. Under the terms of any generally binding legal regulation, the data subject is not obliged to provide DYNEX with the consent to the processing of its personal data or its personal data; the provision of personal data is entirely voluntary.


      1.5. DYNEX will process the personal data of the data subject automatically in the electronic database as well as manually in a paper form.


      1.6. Data subject’s personal data will only be processed by DYNEX for the following purposes:

      1. 1.6.a) provision of negotiated performance and agreed services and services related thereto, including negotiations on the conclusion of a contract or its change and performance of the conclusion of a contract;
      2. 1.6.b) protection of the legitimate interests pursued by the controller, as well as protection of the vital interests of the data subject or of another natural person;
      3. 1.6.c) for compliance with a legal obligation to which the controller is subject (i.e. to archive the tax documents according to the VAT Act);
      4. 1.6.d) performance of a task carried out in the public interest, shall DYNEX be obliged to perform such a task;
      5. 1.6.e) marketing and commercial purposes.


      1.7. For marketing and commercial purposes under Article 1.6 (e), personal data of a data subject Entity may be processed only if the data subject has granted consent pursuant to 1.1 (a, or DYNEX obtains from its customer details of the electronic contact for electronic emailing in relation to the sale of goods or the provision of the service. In such a case, the data subject is always entitled to refuse to consent to such use of its electronic contact even when sending each individual message if it has not initially refused this use by using the appropriate hyperlink in such a message or by sending the refusal to consent to such use of its electronic contact pursuant to 1.2.a).


      1.8. Personal data according to 1.1.a) will only be processed for as long as the consent of the subject of personal data with their processing will hold, when processing personal data according to 1.1.b) - f), only for the period necessary for the purpose of their processing.


      1.9. Within 3 calendar months at the latest after the processing period according to Article 1.8 has expired, in case of withdrawal of the consent of the personal data subject with processing of personal data according to 1.1.a) without undue delay, the relevant personal data, for which the purpose of their processing has ceased, are destroyed or anonymized . Anonymization of a personal data means the deletion of the identifiers (of all or some) of the data subject to such an extent that it is permanently and irreversibly impossible to identify it. The processed information as a result of anonymization will cease to be personal data.


      1.10. For the purposes of Article 1.6.a), DYNEX will, to the extent necessary, transmit the personal data of the data subject to third parties who will participate in the performance of the contractual obligations (e.g. shipping companies) or to members of its business group (companies DYNEX TECHNOLOGIES, spol. s r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 481 08 731, reg. by CR file no. C 15914 administrated by the Municipal Court in Prague and DYNEX LABORATORIES, s.r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43 , company ID 266 82 443, reg. by CR file no. C 87028, administered by the Municipal Court in Prague). However, DYNEX does not publish any processed personal data under any circumstances.


      1.11. The personal data of the data subject may then, to the extent necessary, be transferred to the processor with whom DYNEX has entered into a contract for the processing of personal data.


      1.12. The data subject acknowledges that DYNEX may provide its personal data to a requesting public authority (such as a court or the police of the Czech Republic) to the extent and under the conditions laid down by generally binding legal regulations.


      1.13. DYNEX will always ensure the safe transmission of personal data and its confidentiality when passing on to a third party as well as on its own processing.


      1.14. DYNEX, at the request of a data subject filed in accordance with 1.2 (a), will confirm that it processes personal data concerning it. In such a case, the data subject is entitled to obtain access to such personal data, request DYNEX to rectify it in accordance with 1.17. or erase it according to 1.18, limit their processing according to 1.19. or object to such processing in accordance with 1.15. Further, the data subject has the right to obtain access to information about:

      1. 1.14.a) the purpose of the processing of personal data;
      2. 1.14.b) the categories of personal data concerned;
      3. 1.14.c) the recipients or categories of recipients to whom personal data has been or will be made accessible, in particular of recipients in third countries or within international organizations;
      4. 1.14.d) the period for which the personal data will be stored or if it is not possible to determine the criteria used to determine such a period;
      5. 1.14.e) any available information on the source of personal data, unless it has been obtained from the data subject;
      6. 1.14.f) profiling, which means any form of automated processing of personal data consisting of their use for the assessment of certain personal aspects relating to a data subject;
      7. 1.14.g) transfer of personal data to a third country or international organization.


      1.15. The data subject has the right, in accordance with the procedure in 1.2a), at any time to object:

      1. 1.15.a) against the processing of personal data concerning him or her under 1.1 e) or f), including profiling based on data processed in accordance with these provisions; In such case, DYNEX shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
      2. 1.15.b) against the processing of personal data concerning him or her for marketing purposes, as well as against profiling where this is the case; DYNEX shall no longer process personal data in this case.


      1.16. Where not adversely affecting the rights and freedoms of others, DYNEX will provide a data subject with a copy of the personal data undergoing processing, usually in electronic form, unless the data subject requests a different form of provision. For additional copies provided at the request of a data subject, DYNEX may charge a reasonable fee based on administrative costs.


      1.17. The data subject shall have the right to obtain from DYNEX without undue delay the rectification of inaccurate personal data concerning him or her, or where applicable to have incomplete personal data completed, including by means of providing a supplementary statement.


      1.18. Where it is not the case when processing of personal data is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which DYNEX is subject or for the performance of a task carried out in the public interest or for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices or for the establishment, exercise or defence of legal claims, the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

      1. 1.18.a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      2. 1.18.b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing according to 1.1;
      3. 1.18.c) the data subject objects to the processing pursuant to 1.15 and there are no DYNEX’s legitimate grounds for the processing overriding the rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
      4. 1.18.d) the personal data have been unlawfully processed;
      5. 1.18.e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law;
      6. 1.18.f) the personal data has been collected in relation to the offer directly to a child under the age of 16, based on his / her consent under 1.1 a).


      1.19. The data subject shall have the right to obtain from DYNEX restriction of processing where one of the following applies:

      1. 1.19.a) the accuracy of the personal data is contested by the data subject, for a period enabling DYNEX to verify the accuracy of the personal data;
      2. 1.19.b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
      3. 1.19.c) DYNEX no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
      4. 1.19.d) the data subject has objected to processing pursuant 1.15 pending the verification whether the legitimate grounds of DYNEX override those of the data subject.
      5. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State; a data subject who has obtained restriction of processing shall be informed by DYNEX before the restriction of processing is lifted.


      1.20. DYNEX shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with 1.17 – 1.19 to each recipient to whom the personal data have been disclosed unless this proves impossible or involves a disproportionate effort. DYNEX shall inform the data subject about those recipients if the data subject requests it.


      1.21. Where the personal data processing is based on a consent of a data subject according to 1.1.c) or on a contract according to 1.1.b) and is carried out by automated means, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to DYNEX, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from DYNEX. That right shall not apply to processing necessary for the performance of a task carried out in the public interest and shall not adversely affect the rights and freedoms of others. In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from DYNEX to another controller, where technically feasible.


      1.22. DYNEX does not make decisions based solely on automated decision making or profiling that would have a legal effect on the data subject or had a significant impact on him. Profiling is carried out by DYNEX solely for the purpose of improving the quality of service provided and marketing.


      1.23. Given that DYNEX has put in place appropriate technical and organizational safeguards for all personal data of data subjects to prevent high risks for their rights and freedoms as a result of a breach of personal data protection, it is very unlikely that the personal data breach shall occur. However, if this highly unlikely situation (i.e. a breach of security of personal data) occurs, DYNEX will report such violation to the data subject without undue delay, including a contact point that can provide more detailed information, a description of the likely consequences of a personal data breach and a description of measures taken or proposed by DYNEX for adoption in order to resolve the personal data breach, including any measures to mitigate possible adverse impacts.


       

       

      This version of Personal data processing policy has been in force since May 25th, 2018

                                                                                                                                                    Ing. Zora Hanzlíková, v. r.

                                                                                                                                                    DYNEX LabSolutions, s.r.o.




       

      Advice on personal data processing – general

      The controller of the provided personal data (name, surname, e-mail, telephone) is the hereinafter mentioned business group member with whom you deal with about or within a contractual relationship.

      Members of the business group are:

      • DYNEX TECHNOLOGIES, spol. s r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 481 08 731, reg. by CR file no. C 15914 administrated by the Municipal Court in Prague,
      • DYNEX LABORATORIES, s.r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, PSČ 273 43, company ID 266 82 443, reg. by CR file no. C 87028, administered by the Municipal Court in Prague,
      • DYNEX LabSolutions, s.r.o., seated at Prague 1, Nové Město, Senovážné náměstí 978/23, postal code 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 066 16 631, reg. by CR file no. C 285541 administrated by the Municipal Court in Prague.

      We process the data on the basis of negotiations on the conclusion of the obligation / to fulfill a contractual or legal obligation.

      Upon your request, we will provide you with the access to the data concerning you, rectify or erasure such data, restrict processing of such data or pass such data to another controller. You may object to the processing of such data or, if we do something wrong, file a complaint with the Office for Personal Data Protection.

      The contractual relationship can't be stipulated without the personal data.

      For more information see the "Personal data processing policy" above on this page.
      All claims regarding the data provided, including the withdrawal of consent to the processing, are to be sent to e-mail gdpr@dynex.cz.

      Advice on personal data processing – contact form

      By filling in your personal data into the contact form than pressing the "send" button you express your consent for the processing of your personal data.

      The controller of the provided personal data (name, surname, e-mail, telephone) is DYNEX TECHNOLOGIES, spol. s r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 481 08 731, reg. by CR file no. C 15914 administrated by the Municipal Court in Prague.

      We process the data based on your consent, with the purpose to reply your inquiry with the aid of a marketing tool provided by a 3rd party, for the time of duration of your consent.

      By providing your personal information, you also agree to pass it on to the other members of our business group - DYNEX LABORATORIES, s.r.o., seated at Prague 1, Nové Město, Vodičkova 791/41, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43 , company ID 266 82 443, reg. by CR file no. C 87028, administered by the Municipal Court in Prague and/or by DYNEX LabSolutions, s.r.o., seated at Prague 1, Nové Město, Senovážné náměstí 978/23, postcode 110 00, with premises at Buštěhrad, Lidická 977, postcode 273 43, company ID 066 16 631, reg. by CR file no. C 285541 administrated by the Municipal Court in Prague, based on the nature of your inquiry.

      Upon your request, we will provide you with the access to the data concerning you, rectify or erasure such data, restrict processing of such data or pass such data to another controller. You may object to the processing of such data or, if we do something wrong, file a complaint with the Office for Personal Data Protection.

      The provision of the data is voluntary, but if you do not provide it, we will not be able to reply to your inquiry.

      You may at any time withdraw your consent to process the provided data, which will not affect the legality of processing before withdrawing consent, but the result will be the same as if the data were not provided. Subsequently, we will delete it without unnecessary delay, unless there is another reason to process it (for example, the contract was concluded).

      For more information, see the "Personal data processing policy" above on this page.

      All claims regarding the data provided, including the withdrawal of consent to the processing, are to be sent to e-mail gdpr@dynex.cz.

       

      Advice on the right to object

      Should there be an exceptional situation in which we process personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or for reasons necessary for the legitimate interests of our or third parties, you have a right to object to such processing of your personal data, including profiling based on these reasons, and we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of yours or for the establishment, exercise or defence of legal claims.

      You also have the right to object at any time to the processing of personal data concerning you for direct marketing, which includes profiling to the extent that it is related to such direct marketing. In this case, personal data will no longer be processed for such purpose. Send the objection to gdpr@dynex.cz.

Dynex Dynex